Question 39
Domain 1: Data Collection, Use, Dissemination, and DestructionA sales team wants to scrape public professional profiles to train a lead-scoring model. What is the MOST important privacy question to ask before building the pipeline?
Correct answer: B
Explanation
The key privacy check is whether the data use matches the original context and purpose, because privacy rules focus on purpose limitation and data minimization. Before scraping, ask whether the planned collection and reuse fit the original context and whether all fields are actually necessary, since collecting more than needed increases privacy risk.
Why each option is right or wrong
A. Whether the scraper can run on a cheaper server
B. Whether the planned collection and reuse fit the original context and whether all fields are actually necessary
Under GDPR Article 5(1)(b) and (c), personal data must be collected for specified, explicit purposes and limited to what is adequate, relevant, and necessary for that purpose. Scraping public profiles for a lead-scoring model therefore requires checking whether the new use is compatible with the original context of publication and whether each field is actually needed; if not, the collection is overbroad even if the profiles are publicly accessible.
C. Whether the model can be trained without any documentation
D. Whether the team can avoid telling internal stakeholders about the project